I have developed an applet to sign a pdf using a smart card.I have signed the jars myapplet.jar as itext and bouncy castle libs.The applet works ok from netbeans-it signs the pdf that is in the project folder,but when I put it to HTMl either on desktop or on server it says:

java.security.AccessControlException: access denied ("java.security.SecurityPermission" "authProvider.SunMSCAPI")
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at sun.security.mscapi.KeyStore.engineLoad(KeyStore.java:755)
at sun.security.mscapi.KeyStore$MY.engineLoad(KeyStore.java:62)
at java.security.KeyStore.load(Unknown Source)
at CompensateMeOnlineApplet.init(CompensateMeOnlineApplet.java:67)
at com.sun.deploy.uitoolkit.impl.awt.AWTAppletAdapter.init(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

I did not make any security changes since I signed the jars.
What am I missing?

947955 wrote:
bcprov-jdk16-1.46.jar and itextpdf-5.1.3.jar there are ok I think.

Why do you need BC provider? Note - singing bcprov-jdk16-1.46.jar will remove the existing signing which is needed to allow BC provider to be used. JCE provider jars need to be authenticated against a certificate that is authenticated by a Sun/Oracle certificate (1). I'm betting that your certificate is not.

Note (1) - that is not the whole story but will suffice for the moment.

You see I have a php app that generates a pdf that needs to be signed by up to 60 people(one same document).Along the way this is what I got to -to an applet that does this for me ,here you got the code for an applet that at this moment signs a pdf in the project folder-works fine from the Netbeans ,but when I put it to HTML it gives me that error.I think that all the jars I use have to be signed,which I did using keytool and jarsigner.So if I got you right you think I do not need to sign BC provider?Anyway here is my applet it works ok in Netbeans

947955 wrote:
So I am posting to all possible sites for a solution,I come up with

If you don't say what sites you have cross-posted to then people could waste time answering on once site when a solution exists an another.

>

System.SetSecurityManager(null); that could solve the day,am I right?

I hope not. What would be the point of having a security manager that is supposed to protect the user of your Applet if you could bypass it?

Despite the detail you have given indicating a security problem and you trying to solve this by removing the security manager you seem to be ignoring my concern about your signing of the BC JCE jar. Since I never sign the BC jar and have never used one in an Applet I don't know whether or not this signing is the cause of your problem but it goes against the fact that JCE provider jars need to be signed such that the root certificate when validating the signature must be a Sun/Oracle certificate. See section 5 of http://docs.oracle.com/javase/1.4.2/docs/guide/security/jce/HowToImplAJCEProvider.html#Step%205 .